Python SSL请求和“让我们加密"证书 [英] Python SSL requests and Let's Encrypt certs

查看:121
本文介绍了Python SSL请求和“让我们加密"证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我目前正在努力获取请求库来执行使用让我们进行加密证书向我的站点进行简单的GET请求.该网站一切正常,我可以从Chrome正常访问它. (我目前正在运行OSX El Capitan).

I'm struggling at the moment to get the requests library to perform a simple GET request to a site of mine with a Let's Encrypt certificate. All's well with the site and I can access it from Chrome just fine. (I'm running OSX El Capitan at the moment).

首先,我尝试对网站执行GET请求:

First I tried doing a GET request to the site:

>>> import requests
>>> requests.get('https://example.com')

这给了我

requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

然后,我尝试了各种方法,包括获取让我们进行加密的权限证书,以及以下的命令成功验证我的站点的证书:

I then tried various things, including getting hold of the Let's Encrypt authority certificate, and the following openssl command verifies my site's certificate successfully:

> openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443

其输出包括以下内容:

...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ...
    Session-ID-ctx: 
    Master-Key: ...
    Key-Arg   : None
    Start Time: 1452865123
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

也许我在这里遗漏了一些东西,但是在我看来,我的网站似乎已经根据我提供的加密加密"授权证书进行了验证.因此,我很高兴将Python代码更改为:

Perhaps I'm missing something here, but it looks to me as though my site's been verified according to the Let's Encrypt authority certificate I supplied. So, I happily changed my Python code to:

>>> requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')

但是我仍然不断收到requests.exceptions.SSLError错误.我也尝试使用授权证书的DER格式,但是随后从requests收到以下错误:

But I still keep getting the requests.exceptions.SSLError error. I've also tried using the DER format of the authority certificate, but then I get the following error from requests:

requests.exceptions.SSLError: unknown error (_ssl.c:2825)

有人可以教育我如何解决这个问题吗?

Can anybody perhaps educate me as to how to go about fixing this?

推荐答案

诸如计算机上的CA CERTS之类的声音不是最新的,或者未将Web服务器配置为提供完整证书链的服务器.

Sounds like your CA CERTS on the machine are not up to date or the web server is not configured to server the full certificate chain.

这篇关于Python SSL请求和“让我们加密"证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Python最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆